Problems with WS client authentication.
Hi,
I'm trying to have a PI poll a GPS and send that to signal-k using WS. I'm running version 2.15.3 on Debian 11 bullseye. I create a read/write user, I use the signalk-generate-token command: signalk-generate-token -u pi2 -e 1y -s ~/.signalk/security.json. A token is generated, however it's not added to to security.json file. I've tried adding one manually then restarting the server, but authentication continues to fail.
Any idea what's going on here?
I assume there's a bug with 'generate-token', but to get it going manually do I need to add anything else in security.json beside what's here: { "username": "local-pi", "type": "readwrite", "password": "$2a$10$5JfSICCRvsjxnmUMtSkuJO9IhpXUMkhE.o790dWIUPpFC0K2J8juC", "api-tokens": [ { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImxvY2FsLXBpIiwiaWF0IjoxNzU3MDMwMDk0LCJleHAiOjE3ODg1ODc2OTR9.2j4NtNa-Duz8G6D-XBO5ptHjDou0hWlgCenE-EAW2Tw" } ] }, Thanks much!
I assume there's a bug with 'generate-token', but to get it going manually do I need to add anything else in security.json beside what's here: { "username": "local-pi", "type": "readwrite", "password": "$2a$10$5JfSICCRvsjxnmUMtSkuJO9IhpXUMkhE.o790dWIUPpFC0K2J8juC", "api-tokens": [ { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImxvY2FsLXBpIiwiaWF0IjoxNzU3MDMwMDk0LCJleHAiOjE3ODg1ODc2OTR9.2j4NtNa-Duz8G6D-XBO5ptHjDou0hWlgCenE-EAW2Tw" } ] }, Thanks much!
9 Replies
The token does not go into the security.json file. It is not stored anywhere on the system.
thanks for the quick response Scott, what can I do to troubleshoot this further?
Here's my code:
and this is what the server log says when I try to connect: {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImxvY2FsLXBpIiwiaWF0IjoxNzU3MDMwMDk0LCJleHAiOjE3ODg1ODc2OTR9.2j4NtNa-Duz8G6D-XBO5ptHjDou0hWlgCenE-EAW2Tw"},"protocol":"1.0.0"}
Sep 05 12:48:59 2025-09-05T02:48:59.565Z signalk-server:interfaces:ws XDtGKo_tZ2B39i_dPdGSd disconnected
that's not a valid message
The code above is empty, I can't see it
thanks Scott, I'll review that link more closely!
The easiest way is just to include the token in the HTTP header when you connect